我已经为intel cpu漏洞编写了一个vbs脚本,当我从命令行手动运行或双击它时,它运行完全正常。 我们在所有服务器上都有一个NSClient / git infra,nagios使用它来创建检查,我试图在命令提示符下使用NSClient ++。exe来执行这个脚本。但是,当我使用NSClient运行该文件时,它无法创建日志文件(SA-00086 - )。
这是来自nsc.ini的我的NSClient命令:
intel_cpu_vulnerability=C:\Windows\system32\cscript.exe //NoLogo //T:60 C:\WINDOWS\NSClient\scripts\DiscoveryTool\cpu-unsafe.vbs
这是我的cpu-unsafe.vbs脚本:
' VB SCript to find the Intel Processor vulnerability.
Dim Maindir, objFSO, oFile, Executable, Vulnerable, NotVulnerable, objTextFile, Readme, VStatus, StatusLine, strLine
Const ForReading = 1
Maindir = "c:\Windows\nsclient\scripts\DiscoveryTool"
Executable = "Intel-SA-00086-console.exe"
Vulnerable = "Status: This system is vulnerable."
NotVulnerable = "Status: This system is not vulnerable."
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = WScript.CreateObject("WScript.Shell")
'Deleting all previous log/xml files
For Each oFile In objFSO.GetFolder(Maindir).Files
If LCase(objFSO.GetExtensionName(oFile.Name))= "log" or LCase(objFSO.GetExtensionName(oFile.Name)) = "xml" Then
If oFile.Name <> "CommandLine.xml" Then
Deleteme = Maindir+"\"+oFile
objFSO.DeleteFile oFile
End If
End If
next
'Running the Intel detector
WSHShell.Run Maindir + "\" + Executable , 0, True
Set objShell = Nothing
WScript.Sleep 3000
'Setting the logfile to read
For Each oFile In objFSO.GetFolder(Maindir).Files
If LCase(objFSO.GetExtensionName(oFile.Name))= "log" Then
If oFile.Name <> "CommandLine.xml" Then
Readme = oFile
End If
End If
next
Set objTextFile = objFSO.OpenTextFile(Readme, ForReading)
'Reading the logfile and determining if the prosessor is affected.
VStatus = "Undetermined"
do until objTextFile.AtEndOfStream
strLine = objTextFile.ReadLine()
If Left(strLine, 7) = "Status:" Then
If InStr(strLine, NotVulnerable) <> 0 then
VStatus = "OK"
StatusLine = strLine
End If
If InStr(strLine, Vulnerable) <> 0 then
VStatus = "NOK"
StatusLine = strLine
End If
End If
If Left(strLine, 24) = "Status: Detection Error:" Then
VStatus = "Undetermined"
StatusLine = strLine
End If
loop
'The FINAL RESULTS:
If VStatus = "OK" then
Wscript.Echo VStatus + ": Not Vulnerable -> From File: " + StatusLine
Wscript.Quit(1)
ElseIf VStatus = "NOK" then
Wscript.Echo VStatus + ": Vulnerable -> From File: " + StatusLine
Wscript.Quit(3)
Else
Wscript.Echo VStatus + ": May be Vulnerable -> From File: " + StatusLine
Wscript.Quit(2)
End If
objTextFile.Close
要测试此脚本,您必须下载Windows Vulnerability Detection tool from Intel's Website。下载后,解压缩zip文件并将此脚本放在DiscoveryTool文件夹中,然后双击运行它。该脚本将告知您的cpu是否受英特尔®管理引擎漏洞的影响。
编辑:我进一步尝试直接从NSClient执行.exe,它给了我Commandline.dll auth失败错误。
nsc.ini命令:
icvy=C:\WINDOWS\NSClient\scripts\DiscoveryTool\Intel-SA-00086-console.exe
输出:
l NSClient++.cpp(456) Enter command to inject or exit to terminate...
icvy
d NSClient++.cpp(1106) Injecting: icvy:
e \CheckExternalScripts.cpp(188) The command (C:\WINDOWS\NSClient\scripts\DiscoveryTool\Intel-SA-00086-console.exe) retu
rned an invalid return code: 11
d NSClient++.cpp(1142) Injected Result: WARNING 'Error: The file 'CommandLine.dll' authentication has failed.'
d NSClient++.cpp(1143) Injected Performance Result: ''
WARNING:Error: The file 'CommandLine.dll' authentication has failed.
答案 0 :(得分:0)
尝试将当前工作目录设置为包含可执行文件的目录。在我这样做之前,我看到了同样的错误消息。在VBScript中,我收集的内容类似于:
WSHShell.CurrentDirectory = Maindir
WSHShell.Run Maindir + "\" + Executable , 0, True